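/**
 * Process account recovery.
 *
 * Throttles the request through AirBrake, looks up the account's recovery
 * settings, creates a recovery token and mails it to the address on file.
 * The message is GPG-encrypted when the account has a public key.
 *
 * NOTE(review): the boolean result differs between a recoverable account and
 * an unknown or opted-out one. The caller is not visible here; it should
 * render the same response in both cases, otherwise this is a username oracle.
 *
 * @param array $post Form data; 'forgot_passphrase_for' holds the username.
 * @return bool True once the recovery message was handed to the mailer,
 *              false in every other case.
 */
protected function processRecoverAccount(array $post): bool
{
    $username = $post['forgot_passphrase_for'];
    $remoteAddr = $_SERVER['REMOTE_ADDR'];

    $airBrake = Gears::get('AirBrake');
    if (IDE_HACKS) {
        // Never true in production; only gives the IDE a concrete type.
        $airBrake = new AirBrake();
    }

    $failFast = $airBrake->failFast($username, $remoteAddr, $airBrake::ACTION_RECOVER);
    if ($failFast) {
        $this->lens(
            'recover_account',
            ['form_message' => \__('You are doing that too fast. Please wait a few seconds and try again.')]
        );
        // lens() is defined outside this block and may already end the request.
        // Returning here keeps a throttled request from reaching token creation
        // and mail delivery if it does not.
        return false;
    }

    if (!$airBrake->getFastExit()) {
        $delay = $airBrake->getDelay($username, $remoteAddr, $airBrake::ACTION_RECOVER);
        if ($delay > 0) {
            // usleep() takes microseconds; presumably getDelay() returns
            // milliseconds -- confirm against AirBrake.
            \usleep($delay * 1000);
        }
    }

    try {
        $recoverInfo = $this->acct->getRecoveryInfo($username);
    } catch (UserNotFound $ex) {
        // Username not found. Count the attempt so harvesting gets throttled.
        $airBrake->registerAccountRecoveryAttempt($username, $remoteAddr);
        $this->log(
            'Password reset attempt for nonexistent user.',
            LogLevel::NOTICE,
            ['username' => $username]
        );
        return false;
    }

    if (!$recoverInfo['allow_reset'] || empty($recoverInfo['email'])) {
        // Opted out or no email address? Act like the user doesn't exist.
        $airBrake->registerAccountRecoveryAttempt($username, $remoteAddr);
        return false;
    }

    $token = $this->acct->createRecoveryToken((int) $recoverInfo['userid']);
    if (empty($token)) {
        return false;
    }

    $state = State::instance();
    if (IDE_HACKS) {
        $state->mailer = new Sendmail();
        $state->gpgMailer = new GPGMailer($state->mailer);
    }

    // NOTE(review): the fallback sender is built from the Host request header,
    // which the client controls. Configure universal['email']['from'] so this
    // fallback is never used, or replace it with a fixed, configured hostname.
    $from = $state->universal['email']['from'] ?? 'no-reply@' . $_SERVER['HTTP_HOST'];

    $message = (new Message())
        ->addTo($recoverInfo['email'], $username)
        ->setSubject('Password Reset')
        ->setFrom($from)
        ->setBody($this->recoveryMessage($token));

    try {
        if (!empty($recoverInfo['gpg_public_key'])) {
            // This will be encrypted with the user's public key:
            $state->gpgMailer->send($message, $recoverInfo['gpg_public_key']);
        } else {
            // This will be sent as-is:
            $state->mailer->send($message);
        }
    } catch (InvalidArgumentException $ex) {
        // Record the failure instead of dropping it silently. Only the
        // exception class is logged: the message body carries the recovery
        // token and must not end up in the logs.
        $this->log(
            'Could not send account recovery message.',
            LogLevel::ERROR,
            ['username' => $username, 'exception' => \get_class($ex)]
        );
        return false;
    }

    return true;
}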